On Homomorphic Encryption and Chosen-Ciphertext Security

Hemenway, Brett; Ostrovsky, Rafail

doi:10.1007/978-3-642-30057-8_4

Cited by 16 publications

(17 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Reproducible PKE is an arguably simpler way to achieve lossy TDFs than the aforementioned hash proof system. In [12], they also showed that homomorphic encryptions with cyclic ciphertext space imply lossy TDFs. Freeman et al [8] showed lossy TDFs and correlation secure TDFs from various number theoretic assumptions.…”

Section: Other Related Workmentioning

confidence: 96%

Lossy trapdoor functions from homomorphic reproducible encryption

Choi

Wee

2012

Information Processing Letters

View full text Add to dashboard Cite

Section: Other Related Workmentioning

confidence: 96%

Lossy trapdoor functions from homomorphic reproducible encryption

Choi

Wee

2012

Information Processing Letters

View full text Add to dashboard Cite

“…Peikert and Waters [53] showed that CCA secure PKE can be constructed from any lossy trapdoor function (TDF), and subsequent works showed that injective TDFs with weaker properties suffice: injective TDFs secure for correlated inputs [55], slightly lossy TDFs [49], adaptive one-way TDFs [46], and adaptive one-way relations [59]. (CPA secure) PKE schemes with additional security/functional properties have also turned out to be useful for constructing CCA secure PKE: Hemenway and Ostrovsky [40] showed that we can construct CCA secure PKE in several ways from homomorphic encryption with appropriate properties. The same authors [41] also showed that CCA secure PKE can be constructed from a lossy encryption scheme [6] if the plaintext space is larger than the randomness space (the results of [40,41] achieve CCA secure PKE via lossy TDFs [53]).…”

Section: Background and Motivationmentioning

confidence: 99%

“…(CPA secure) PKE schemes with additional security/functional properties have also turned out to be useful for constructing CCA secure PKE: Hemenway and Ostrovsky [40] showed that we can construct CCA secure PKE in several ways from homomorphic encryption with appropriate properties. The same authors [41] also showed that CCA secure PKE can be constructed from a lossy encryption scheme [6] if the plaintext space is larger than the randomness space (the results of [40,41] achieve CCA secure PKE via lossy TDFs [53]). Hohenberger, Lewko, and Waters [42] showed that if one has a PKE scheme which satisfies the notion called detectable CCA security, which is somewhere between CCA1 and CCA2 security, then using it one can construct a CCA secure PKE scheme.…”

Section: Background and Motivationmentioning

confidence: 99%

Chosen Ciphertext Security via Point Obfuscation

Matsuda

Hanaoka

2014

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. In this paper, we show two new constructions of chosen ciphertext secure (CCA secure) public key encryption (PKE) from general assumptions. The key ingredient in our constructions is an obfuscator for point functions with multi-bit output (MBPF obfuscators, for short), that satisfies some (average-case) indistinguishability-based security, which we call AIND security, in the presence of hard-to-invert auxiliary input. Specifically, our first construction is based on a chosen plaintext secure PKE scheme and an MBPF obfuscator satisfying the AIND security in the presence of computationally hard-to-invert auxiliary input. Our second construction is based on a lossy encryption scheme and an MBPF obfuscator satisfying the AIND security in the presence of statistically hard-toinvert auxiliary input. To clarify the relative strength of AIND security, we show the relations among security notions for MBPF obfuscators, and show that AIND security with computationally (resp. statistically) hard-to-invert auxiliary input is implied by the average-case virtual black-box (resp. virtual grey-box) property with the same type of auxiliary input. Finally, we show that a lossy encryption scheme can be constructed from an obfuscator for point functions (point obfuscator) that satisfies re-randomizability and a weak form of composability in the worst-case virtual grey-box sense. This result, combined with our second generic construction and several previous results on point obfuscators and MBPF obfuscators, yields a CCA secure PKE scheme that is constructed solely from a re-randomizable and composable point obfuscator. We believe that our results make an interesting bridge that connects CCA secure PKE and program obfuscators, two seemingly isolated but important cryptographic primitives in the area of cryptography.

show abstract

“…Definition 1 (Group Homomorphic Encryption [2,22]). A public key encryption scheme E = (KeyGen, Enc, Dec) is called group homomorphic, if for every output (pk, sk) of KeyGen(λ), the plaintext space P and the ciphertext space C are non-trivial groups such that -the set of all encryptions C := {Enc pk (m; r) | m ∈ P, r ∈ Rnd} is a non-trivial subgroup of C -the decryption Dec sk is a group homomorphism on C, i.e.…”

Section: Outlinementioning

confidence: 99%

General Impossibility of Group Homomorphic Encryption in the Quantum World

Armknecht

Gagliardoni

Katzenbeisser

et al. 2014

Public-Key Cryptography – PKC 2014

View full text Add to dashboard Cite

Abstract. Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widely-used, more sophisticated primitives, such as CCA2-secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor's algorithm). This leads to the challenge of constructing quantum-resistant group homomorphic cryptosystems.In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.

show abstract

On Homomorphic Encryption and Chosen-Ciphertext Security

Cited by 16 publications

References 32 publications

Lossy trapdoor functions from homomorphic reproducible encryption

Lossy trapdoor functions from homomorphic reproducible encryption

Chosen Ciphertext Security via Point Obfuscation

General Impossibility of Group Homomorphic Encryption in the Quantum World

Contact Info

Product

Resources

About